From 84bf42db1815bcf602ec8ec9b656859e4cb1d517 Mon Sep 17 00:00:00 2001
From: otelbot <197425009+otelbot@users.noreply.github.com>
Date: Fri, 18 Jul 2025 10:09:24 -0700
Subject: [PATCH 1/2] Add permissions that were missed on the first pass

---
 .github/workflows/backport.yml               | 2 ++
 .github/workflows/prepare-patch-release.yml  | 2 ++
 .github/workflows/prepare-release-branch.yml | 4 ++++
 3 files changed, 8 insertions(+)

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index 26789093f25..f5365989d66 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -9,6 +9,8 @@ on:
 jobs:
   backport:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write  # required for pushing changes
     steps:
       - run: |
           if [[ ! $GITHUB_REF_NAME =~ ^release/v[0-9]+\.[0-9]+\.x-0\.[0-9]+bx$ ]]; then
diff --git a/.github/workflows/prepare-patch-release.yml b/.github/workflows/prepare-patch-release.yml
index 680b3842b99..f8a9067a5b4 100644
--- a/.github/workflows/prepare-patch-release.yml
+++ b/.github/workflows/prepare-patch-release.yml
@@ -5,6 +5,8 @@ on:
 jobs:
   prepare-patch-release:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write  # required for pushing changes
     steps:
       - uses: actions/checkout@v4
 
diff --git a/.github/workflows/prepare-release-branch.yml b/.github/workflows/prepare-release-branch.yml
index edb906ed16c..902e9a22432 100644
--- a/.github/workflows/prepare-release-branch.yml
+++ b/.github/workflows/prepare-release-branch.yml
@@ -41,6 +41,8 @@ jobs:
   create-pull-request-against-release-branch:
     runs-on: ubuntu-latest
     needs: prereqs
+    permissions:
+      contents: write  # required for pushing changes
     steps:
       - uses: actions/checkout@v4
 
@@ -117,6 +119,8 @@ jobs:
   create-pull-request-against-main:
     runs-on: ubuntu-latest
     needs: prereqs
+    permissions:
+      contents: write  # required for pushing changes
     steps:
       - uses: actions/checkout@v4
 

From 03210dc396072ff9e7dcf6e50338ccf78851ddd4 Mon Sep 17 00:00:00 2001
From: emdneto <9735060+emdneto@users.noreply.github.com>
Date: Thu, 24 Jul 2025 19:19:25 -0300
Subject: [PATCH 2/2] fix

Signed-off-by: emdneto <9735060+emdneto@users.noreply.github.com>
---
 .github/workflows/prepare-patch-release.yml  | 3 +--
 .github/workflows/prepare-release-branch.yml | 6 ++----
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/prepare-patch-release.yml b/.github/workflows/prepare-patch-release.yml
index 5524073b178..8414d821115 100644
--- a/.github/workflows/prepare-patch-release.yml
+++ b/.github/workflows/prepare-patch-release.yml
@@ -8,10 +8,9 @@ permissions:
 jobs:
   prepare-patch-release:
     permissions:
+      contents: write  # required for pushing changes
       pull-requests: write # required for adding labels to PRs
     runs-on: ubuntu-latest
-    permissions:
-      contents: write  # required for pushing changes
     steps:
       - uses: actions/checkout@v4
 
diff --git a/.github/workflows/prepare-release-branch.yml b/.github/workflows/prepare-release-branch.yml
index c43086aac83..ee8e971caf8 100644
--- a/.github/workflows/prepare-release-branch.yml
+++ b/.github/workflows/prepare-release-branch.yml
@@ -43,11 +43,10 @@ jobs:
 
   create-pull-request-against-release-branch:
     permissions:
+      contents: write  # required for pushing changes
       pull-requests: write # required for adding labels to PRs
     runs-on: ubuntu-latest
     needs: prereqs
-    permissions:
-      contents: write  # required for pushing changes
     steps:
       - uses: actions/checkout@v4
 
@@ -129,11 +128,10 @@ jobs:
 
   create-pull-request-against-main:
     permissions:
+      contents: write  # required for pushing changes
       pull-requests: write # required for adding labels to PRs
     runs-on: ubuntu-latest
     needs: prereqs
-    permissions:
-      contents: write  # required for pushing changes
     steps:
       - uses: actions/checkout@v4